“Passwordless” logins allow users to log in with only their email address. After providing their email address, they receive an email with a “magic link” (a URL with a sign-in token as a parameter). They click on the magic link, get redirected to the login page and are henceforth successfully logged in. The login tokens are typically valid for 15 min and can only be used once.
My team and I wrote a library based on the popular Ueberauth framework that handles the whole authentication flow for you. It is called ueberauth_passwordless and you can find it on GitHub. I hope the docs explain well enough how to get started.
It uses Ueberauth’s handle_request! function to create and send the magic links to the user. A custom module must be defined which sends the actual email. You can use any mailing framework you want (I prefer Bamboo though for its testability). When a user clicks on the magic link, the handle_callback! function handles the verification of the token. The library gives you full control over what happens after the verification. My main goal was to keep the library flexible and customizable so that you can integrate it into your system according to your needs.
Any feedback or improvement suggestions are more than welcome.
Previous Work and Gratitude
I’d like to thank @zanderxyz for his Veil library. It helped me a lot with getting started. I decided against using the Veil library though, since I didn’t want to have extra DB schemas and wanted some more control over the whole authentication flow. Also, this repo helped me a lot to understand how to implement a custom Ueberauth authentication flow.
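
The token rules from the top of this post (signed, valid for 15 minutes, usable once), sketched as an added example that is not code from ueberauth_passwordless. The module name, token layout and in-memory Agent store are assumptions, and `:crypto.hash_equals/2` requires OTP 25 or later.

```elixir
defmodule MagicLinkSketch do
  # Illustration only: names and token layout are hypothetical, not the library's.
  @ttl_seconds 15 * 60

  # Agent holding the nonces of issued tokens that have not been redeemed yet.
  def start_link, do: Agent.start_link(fn -> MapSet.new() end, name: __MODULE__)

  # Token = base64url(email) . expiry . nonce . base64url(HMAC-SHA256 over the first three).
  def issue(email, secret, now \\ System.system_time(:second)) do
    nonce = Base.url_encode64(:crypto.strong_rand_bytes(16), padding: false)
    payload = Enum.join([Base.url_encode64(email, padding: false), now + @ttl_seconds, nonce], ".")
    Agent.update(__MODULE__, &MapSet.put(&1, nonce))
    payload <> "." <> Base.url_encode64(mac(payload, secret), padding: false)
  end

  def verify(token, secret, now \\ System.system_time(:second)) do
    with [email64, exp, nonce, mac64] <- String.split(token, "."),
         payload = Enum.join([email64, exp, nonce], "."),
         {:ok, given} <- Base.url_decode64(mac64, padding: false),
         # Check the signature first, in constant time, before trusting any field.
         true <- byte_size(given) == 32 and :crypto.hash_equals(given, mac(payload, secret)),
         {exp_int, ""} <- Integer.parse(exp),
         {:ok, email} <- Base.url_decode64(email64, padding: false),
         true <- now < exp_int || {:error, :expired},
         true <- redeem(nonce) || {:error, :already_used} do
      {:ok, email}
    else
      {:error, reason} -> {:error, reason}
      _ -> {:error, :invalid}
    end
  end

  # Atomic check-and-delete, so two concurrent clicks cannot both succeed.
  defp redeem(nonce) do
    Agent.get_and_update(__MODULE__, &{MapSet.member?(&1, nonce), MapSet.delete(&1, nonce)})
  end

  defp mac(payload, secret), do: :crypto.mac(:hmac, :sha256, secret, payload)
end

# Constructed sample values; timestamps are passed explicitly to keep the run deterministic.
{:ok, _pid} = MagicLinkSketch.start_link()
secret = :crypto.strong_rand_bytes(32)
token = MagicLinkSketch.issue("user@example.com", secret, 1_000)
{:ok, "user@example.com"} = MagicLinkSketch.verify(token, secret, 1_060)
{:error, :already_used} = MagicLinkSketch.verify(token, secret, 1_061)
stale = MagicLinkSketch.issue("user@example.com", secret, 1_000)
{:error, :expired} = MagicLinkSketch.verify(stale, secret, 1_000 + 15 * 60)
{:error, :invalid} = MagicLinkSketch.verify(stale <> "A", secret, 1_060)
```

In this sketch the Agent never evicts nonces of tokens that expire unredeemed, so a longer-lived deployment would need a periodic sweep or a store with its own expiry.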